CVSS2: 7.1 High (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
CVSS3: 8.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
AI Score: 6.5 Medium (Confidence: High)
EPSS: 0.01 Low (Percentile: 83.4%)
Package : mxml
Version : 2.6-2+deb8u1
CVE ID : CVE-2016-4570 CVE-2016-4571 CVE-2018-20004
Debian Bug : 825855 918007
Several stack exhaustion conditions were found in mxml that can easily
cause a crash when parsing XML files.
CVE-2016-4570
The mxmlDelete function in mxml-node.c allows remote attackers to
cause a denial of service (stack consumption) via a crafted XML file.
CVE-2016-4571
The mxml_write_node function in mxml-file.c allows remote attackers
to cause a denial of service (stack consumption) via a crafted XML
file.
CVE-2018-20004
A stack-based buffer overflow in mxml_write_node via vectors
involving a double-precision floating point number.
For Debian 8 "Jessie", these problems have been fixed in version
2.6-2+deb8u1.
We recommend that you upgrade your mxml packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
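
The stack consumption described for CVE-2016-4570 and CVE-2016-4571 is the kind that arises when a tree routine recurses once per nesting level. The following is an added example, not mxml's code or the Debian patch, contrasting a recursive delete with an iterative one. The `node` type and all function names are hypothetical, and it assumes that per-level recursion is the cause, which the advisory does not spell out.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical node type for this example; not mxml's own structure. */
typedef struct node { struct node *parent, *child, *next; } node;

/* Constructed input: a chain nested `depth` levels deep (<a><a>...</a></a>). */
node *build_chain(size_t depth) {
    node *root = NULL, *tail = NULL;
    for (size_t i = 0; i < depth; i++) {
        node *n = calloc(1, sizeof *n);
        if (!n) abort();
        n->parent = tail;
        if (tail) tail->child = n; else root = n;
        tail = n;
    }
    return root;
}

/* Recursive delete: one stack frame per nesting level, so the input's
 * depth decides how much stack is consumed. Shallow trees only. */
size_t delete_recursive(node *n) {
    if (!n) return 0;
    size_t freed = 1;
    for (node *c = n->child, *next; c; c = next) {
        next = c->next;
        freed += delete_recursive(c);
    }
    free(n);
    return freed;
}

/* Iterative delete: walks down via child and back up via next/parent, so
 * stack use stays constant whatever the depth. Returns nodes freed. */
size_t delete_iterative(node *root) {
    size_t freed = 0;
    for (node *n = root; n; ) {
        if (n->child) {              /* descend first, detaching the link */
            node *c = n->child; n->child = NULL; n = c; continue;
        }
        node *up = (n == root) ? NULL : (n->next ? n->next : n->parent);
        free(n); freed++;
        n = up;
    }
    return freed;
}

int main(void) {
    printf("shallow, recursive: %zu\n", delete_recursive(build_chain(100)));
    printf("deep, iterative:    %zu\n", delete_iterative(build_chain(1000000)));
    return 0;
}
```
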
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 8 | amd64 | libmxml1 | < 2.6-2+deb8u1 | libmxml1_2.6-2+deb8u1_amd64.deb |
Debian | 8 | amd64 | libmxml-dev | < 2.6-2+deb8u1 | libmxml-dev_2.6-2+deb8u1_amd64.deb |
Debian | 8 | i386 | libmxml1 | < 2.6-2+deb8u1 | libmxml1_2.6-2+deb8u1_i386.deb |
Debian | 8 | armhf | libmxml1 | < 2.6-2+deb8u1 | libmxml1_2.6-2+deb8u1_armhf.deb |
Debian | 8 | armhf | libmxml-dev | < 2.6-2+deb8u1 | libmxml-dev_2.6-2+deb8u1_armhf.deb |
Debian | 8 | armel | libmxml1 | < 2.6-2+deb8u1 | libmxml1_2.6-2+deb8u1_armel.deb |
Debian | 8 | i386 | libmxml-dev | < 2.6-2+deb8u1 | libmxml-dev_2.6-2+deb8u1_i386.deb |
Debian | 8 | armel | libmxml-dev | < 2.6-2+deb8u1 | libmxml-dev_2.6-2+deb8u1_armel.deb |
Debian | 8 | all | mxml | < 2.6-2+deb8u1 | mxml_2.6-2+deb8u1_all.deb |